Subject Re: [ib-support] Where I find a really good security specific IB/FB group?
Author Scott Taylor
At 10:54 PM 14/07/2002, you wrote:
>On 12 Jul 2002 at 9:38, Scott Taylor wrote:
> >The worse security issues, that I can see, is plain text passwords
> >that get sent over the net to port 3050, and that Firebird runs as
> BTW plain text passwords aren't sent over the net. Password is
>hashed on the client side by DES64 and is going through the net
>hashed. On the server side arrived hash is hashed again and then
>compared with the stored value.

That is not a secure way to handle passwords over a public network with the
source code readily available. That might work fine for proprietary
software, then again, even that will only take time to dehash it. As far
as I'm concerned, a hash that is not machine specific is still plain text,
and I have yet to register any machines on my networks with any FB or IB